Palo Alto Networks Blog, Fri, 30 Jun 2023 18:17:03 +0000

Accenture Teams with Palo Alto Networks to Bolster Zero Trust Security

Tue, 27 Jun 2023 13:00:53 +0000

Accenture teams with Palo Alto Networks to deliver joint SASE solutions that enable organizations to improve their cybersecurity posture and accelerate business transformation initiatives.

The post Accenture Teams with Palo Alto Networks to Bolster Zero Trust Security appeared first on Palo Alto Networks Blog.

Partnership to Enable Cloud-Delivered Security with High Resilience and Performance with Prisma SASE

We recently announced that Accenture and Palo Alto Networks have partnered to deliver joint secure access service edge (SASE) solutions that enable organizations to improve their cybersecurity posture and accelerate business transformation initiatives.

As enterprises need to keep up with a growing hybrid workforce, SD-WAN deployments and multicloud adoption, the implementation of new technology and services has to be thoughtful. By combining Accenture's expertise with Prisma SASE, customers can leverage new management resources, services and technologies to accelerate their SASE transformation.

Distributed Workforce and Fragmented Security Driving Investment in SASE

Organizations today must enable the flexibility required by the modern workforce without compromising on security and user experience. Traditional security and networking solutions rely on an outdated architecture that backhauls user traffic to data centers. This centralized approach results in higher costs and added latency for end users, as well as inconsistent security policies and capabilities.

Many organizations are turning to SASE for a consistent and scalable way to provide secure connectivity everywhere. A recent customer survey conducted by Foundry, on behalf of Palo Alto Networks and Accenture, reveals the three most important benefits of SASE — increased optimized performance, increased IT staff effectiveness and threat prevention, and risk reduction.

Complete Your SASE Transformation with Palo Alto Networks and Accenture

Together, Palo Alto Networks and Accenture deliver a comprehensive managed SASE solution that tackles the challenges organizations face today. By combining the strength of the largest global systems integrator with the industry’s most complete SASE solution, enterprises worldwide can propel their business transformation forward, benefiting from enhanced network performance and consistent security policies and implementation.

At the core of this offering, Prisma SASE brings together cloud-delivered security and next-gen SD-WAN into a unified platform to secure all apps and users irrespective of their location. Prisma SASE consolidates multiple point products, including ZTNA, Cloud SWG, CASB, FWaaS and SD-WAN, making it easy for organizations to reduce the fragmentation of security and networking tools. Additionally, the solution provides uncompromised performance backed by leading SLAs, while the industry’s only SASE-native ADEM helps ensure an exceptional experience for your end users.

The Palo Alto Networks and Accenture partnership enables customers to design and implement Prisma SASE with the benefit of outsourcing management and maintenance to a trusted partner. Through this partnership, enterprises will be able to take advantage of three new services offered by Accenture to accelerate their SASE adoption:

  • SASE Diagnostic and Advisory Services help businesses reimagine their network security architecture and expedite cloud adoption.
  • SASE Implementation Services help organizations unlock digital transformation opportunities and define a smooth path to Zero Trust.
  • SASE-as-a-Managed-Service includes an end-to-end offering with Prisma SASE, Zero Trust network access (ZTNA 2.0) and cloud-managed wide-area networking (WAN).

Together, we offer an easy path for customers to embark on their SASE transformation journey by enabling them to understand their network security landscape. By harnessing industry-leading networking and security capabilities, enterprises can take advantage of solutions that provide the superiority of ZTNA 2.0, simplified operations and an exceptional user experience.

Read our recent press release to gain insights into our strategic partnership with Accenture, and discover more about how Accenture and Palo Alto Networks jointly deliver an AI-powered Prisma SASE.

Cortex Leads New Ways to Introduce AI-powered Capabilities

Mon, 26 Jun 2023 13:00:00 +0000

Palo Alto Networks Cortex is excited to introduce the latest innovations across XSIAM, XDR, XSOAR and Xpanse, available starting June 25th, 2023.

The post Cortex Leads New Ways to Introduce AI-powered Capabilities appeared first on Palo Alto Networks Blog.

With AI and machine-learning at the forefront of innovation for Palo Alto Networks and Cortex, we are continuously finding new ways to improve and advance the modern SOC to revolutionize security operations. Today, we are proud to announce that Palo Alto Networks is introducing new AI-based active attack surface management capabilities within Cortex Xpanse in Expander 2.2, as well as continuous refinement of the latest releases for our Cortex XSIAM 1.5, XDR 3.7 and XSOAR 8.3 solutions.

This launch further expands the advanced capabilities of the entire Cortex Portfolio when it comes to AI and machine-learning capabilities. The latest features found in Expander 2.2 will help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows. Organizations can now effectively manage and shrink their overall attack surface by proactively identifying and responding to internet emergencies and detecting vulnerabilities before they become a major threat to an organization. These new active attack surface management capabilities provide security teams with advanced visibility and intelligence that is needed to make informed and powerful remediation decisions quickly and effectively.

In XSIAM 1.5, the new release boasts enhanced playbook incident context, as well as more advanced automation capabilities and use cases for playbook development via the Playbook Playground. You can now also leverage the new high-availability cluster for the Broker VM – a critical data collection component – or utilize the comprehensive health monitoring of all the data sources you collect, which is available in both XSIAM 1.5 and XDR 3.7.

Learn more about the newest features now available across the Cortex Portfolio below and sign up for our newsletter to stay up to date on the latest innovations from Cortex.

What’s Next with Cortex

Cortex XSIAM 1.5

Cortex XSIAM is designed to provide a powerful data-centric foundation for the largest and most advanced environments. As data is a primary element of the Cortex XSIAM strategy, it is critical to ensure that data ingestion is highly reliable and continuously monitored, which is exactly what you’re getting with this new Cortex XSIAM 1.5 release.

  • Data Ingestion Health – Expanded data health offers security engineering visibility into significant health issues. The granular health metrics provide visibility into the data pipeline, as well as out-of-the-box health alerting capabilities. Health alerts are currently in beta.
  • Broker VM High Availability (HA) – Customers can safeguard their Broker VM deployment by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
  • Playbook Incident Context – This enhances the investigation and response process, and improves incident management with cross-alert playbook decision-making. This new feature lets playbooks run on alerts while accessing incident-level information.
  • Playbook Playground – Allows easier playbook development without impacting production environments by running a playbook in a sandbox environment.
  • Multi-Tenancy – This supports multi-tenancy through a new parent-child deployment option to address the unique requirements of distributed organizations with multiple Cortex XSIAM tenants.

Cortex XDR 3.7

The latest Cortex XDR 3.7 release delivers new features and enhancements, including improved identity threat visibility, enhanced built-in automation tools, and bolstered endpoint protection. These new features will make it easier than ever to manage forensic investigations while reducing operational overhead. Additionally, you can now ensure streamlined Broker operations using high-availability architecture.

  • eXtended Threat Hunting (XTH) Module – Delivers analytics-driven detection capabilities that empower security teams to prevent threats faster and detect effectively with more precision.
  • Broker VM High Availability (HA) Cluster – Customers can safeguard their Broker VM service by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
  • Identity Threat Module (ITDR) Enhancements – Customers can broaden their ITDR investigative capabilities with added asset and role exposure.
  • Simplified Automation Enhancements – Expands simple automation actions with forensic-related actions and configurable thresholds of additional response.
  • New Security Module for IIS Protections – Improve customers’ detection and protection coverage capabilities with the new module for early detection of threats targeting IIS-based applications.

Cortex XSOAR 8.3

The new Cortex XSOAR 8 delivers all the rich automation capabilities of XSOAR, but with new and improved performance and user experience, plus cloud-native support for SaaS deployments. This latest 8.3 release is focused around enhancing the new platform, which is also relevant to other Cortex products.

  • New Platform level enhancements – Enhanced role-based access control (RBAC), user-group management and incident navigation.
  • Content Pack enhancements – Simplify and enhance existing packs focusing on Palo Alto Networks product integrations with XSOAR, XSIAM and ITDR playbooks.
  • XSOAR 8 migration – Continued focus on migration of hosted customers to XSOAR 8 SaaS, with new licensing options for SaaS customers.

Cortex Xpanse — Expander 2.2

In the new Expander 2.2 release, we’ve improved our active-risk prioritization features from our 2.1 release by adding in a new Cortex Xpanse Threat Response Center, which will allow teams to learn about the latest threats and identify the organization’s public-facing exposures. It will also help security teams manage and proactively resolve risks. Additionally, we’ve added several powerful augmentation features that automatically enrich an incident to aid analysts in the investigation and provide faster response using our newly advanced AI-powered incident investigation capabilities and playbooks.

  • Threat Response Center – Improves zero-day response and prioritizes exposures that matter, using Risk Scoring and the Threat Response Center.
  • Incident Risk Scoring – Security teams can now use adaptive risk scores based on threat and exploit intelligence to better prioritize and focus efforts on the exposures most likely to be attacked.
  • Security Rating Dashboard – Organizations can assess their security health and hygiene, track risk trends over time, compare their ratings with industry peers and reduce cyber insurance premiums.
  • AI-Powered Exposure Resolution – Improves attack surface remediation using AI-powered playbooks, including the new Remediation Path Rules, Onboarding Configuration Wizard and Active Response Content.
  • Business Unit Management – Organizations can exert more control over their distributed attack surface by transferring assets between business units.
  • Integration with Prisma Cloud – Reduces the cloud attack surface by gaining visibility into unknown and unmanaged cloud assets, using Prisma Cloud for comprehensive cloud security and central policy enforcement.

Register for our Cortex Xpanse Webinar, “Risk, Curated: Dynamically prioritize attack surface risks with the latest Xpanse” on August 30th, 2023. Learn more about the new Expander 2.1 and 2.2 features, as well as an inside look at the latest 2023 ASM Threat Report.

Agentless Workload Scanning Gets Supercharged with Malware Scanning

Thu, 22 Jun 2023 13:00:44 +0000

Enterprises now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 2023.

The post Agentless Workload Scanning Gets Supercharged with Malware Scanning appeared first on Palo Alto Networks Blog.

Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 2023. But the sheer complexity of cloud technology can dramatically expand an organization’s attack surface.

Using WildFire in 2021 to analyze malicious files, our threat research team discovered a 73% increase in Cobalt Strike malware samples compared to 2020. The speed, volume and sophistication of modern malware attacks have made them more difficult to detect. This, paired with the agility of the cloud, gives rise to a heightened — and formidable — state of risk.

The Gap Between Risk and Reality

Enterprises can’t afford to leave the frontlines and backdoors open to risk while taking weeks to deploy security products. They want better out-of-the-box security from tools, according to the cloud-native security report mentioned above. Efficiency, after all, becomes paramount with a shortage of skilled security professionals. Teams need the ability to set up cloud security in a few clicks. Organizations need actionable insights on day one from the solutions they rely on.

Agentless Workload Scanning

Today, we’re excited to announce that Prisma Cloud agentless workload scanning is now backed by Palo Alto Networks Advanced WildFire, the industry’s leading malware scanning engine. Advanced WildFire is a cloud-delivered service that uses patented machine learning detection engines to identify 99% of known and unknown malware. It allows security teams to leverage advanced malware analysis for containers and hosts in runtime, without having to deploy agents.

In addition, this release includes other advancements:

  • Agentless vulnerability and compliance management for Windows host machines on all three major cloud providers
  • Extension of Cloud Workload Protection capabilities to five additional compute operating systems
  • Continuous examination of API changes and usage to detect unwanted changes or API risk

Agentless Workload Malware Scanning

Container images, running containers and virtual machines may contain malware, such as cryptominers or viruses. For example, Unit 42 found 30 malicious images in Docker Hub with cryptominers that had been pulled 20 million times. While many organizations turn to sandboxing solutions for malware analysis, these solutions affect user productivity and are slow to predict verdicts.

Two years ago we started offering a native integration with Advanced WildFire for advanced malware analysis for containers and hosts in CI/CD pipelines and in runtime. We’re now extending this functionality to our agentless deployment options for hosts, VMs and container machines.

Users can scan their workloads for malware with a platform that provides flexible deployment options to fit their environments’ needs. Agentless workload scanning for known malware via Advanced WildFire is widely available. Support for zero-day malware detection is expected later this summer in SaaS Edition.

Agentless Workload Scanning Extended to Windows

Organizations often just want visibility into their cloud workloads and applications. About 18 months ago, we released agentless scanning to provide visibility into an organization’s cloud estate. This feature complemented existing agent-based protection. At the time, Prisma Cloud was the only code-to-cloud CNAPP with support for the three major cloud providers — Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).

In this release, we’re extending agentless capabilities to support 2016-2022 Windows Host machines on all three major cloud providers, supplying security teams with greater flexibility on how to engage cloud workload protection. Users can now gain visibility into vulnerabilities and compliance across Linux and Windows-based cloud workloads for AWS, Azure and GCP — without having to deploy agents.

Broader Support for Additional Operating Systems

As the number of cloud workload services increases, customers are leveraging platforms that best suit their applications’ needs. But security teams are unable to secure cloud workloads if their existing solution doesn’t support the operating system. This leaves a potentially damaging gap in their cloud security strategy.

Prisma Cloud offers the broadest coverage for cloud workload protection, supporting over 30 different operating systems. We’re now extending our cloud workload protection capabilities to five additional compute platforms: Windows Server 2022, Oracle Linux, RHEL 9, Talos Linux, CBL-Mariner, and Rocky Linux.

API Change Detection

API attacks and abuse have been top-of-mind for most organizations. Prisma Cloud provides complete API discovery, risk profiling and real-time protection for all APIs as a part of its Cloud-Native Application Protection Platform (CNAPP).

The State of Cloud Native Security Report showed that 38% of respondents are committing new code daily. Snapshot-based API scans only provide security teams with point-in-time visibility, leaving them blind to API changes that create unwanted risk. Security teams need an approach that tracks API changes for efficient investigation.

Prisma Cloud continuously monitors APIs for changes that lead to unwanted risk. As development teams make frequent changes and updates to APIs, security teams now have visibility into these changes and the potential risk they might pose to the application at runtime. They can use this information to add protection to the endpoint or share information with their development team to remediate risk.

Learn More

To learn more about the latest enhancements to Prisma Cloud, request a free trial.

Zero Trust: The Key to a Hybrid Workforce

Wed, 21 Jun 2023 13:00:22 +0000

To most people, cybersecurity breaches seem like a distant threat. But cybercrime presents real and present danger to individuals and businesses alike. In fact, total losses resulting from internet cybercrime grew approximately …

The post Zero Trust: The Key to a Hybrid Workforce appeared first on Palo Alto Networks Blog.

To most people, cybersecurity breaches seem like a distant threat. But cybercrime presents real and present danger to individuals and businesses alike. In fact, total losses resulting from internet cybercrime grew approximately 50% from 2021 to 2022 — jumping from $6.9 to $10.3 billion — while the total U.S. reported crime complaints decreased 5%, according to the 2022 FBI Internet Crime Report.

Meanwhile, ransomware gangs increasingly target data theft for extortion and harassment. Vice Society, one such gang, has attacked at least 137 school systems and local governments since 2021. In one school district attack, Vice Society published student mental health records, demonstrating that no one is off limits.

Driving Factors of Cybercrime

Many factors drive the rise in cybercrime. Threat actors are motivated and use new, AI-driven technologies, which are readily available on the internet and make it easy to attack individuals and organizations.

At the same time, interconnectivity and the shift to remote and hybrid work expose individuals and businesses to threats at home, where they might not have adequate protection. As these working models bring an increasing number of cyberthreats to our doorstep, the average American home faces 100+ cybersecurity threats each month.

The Challenge for Business and Government

According to Palo Alto Networks’ “What’s Next in Cyber” report, almost half of North American C-level executives plan to dedicate a quarter to half of their cybersecurity budget to hybrid workforce security. While the U.S. government makes strides advancing Zero Trust, state and local organizations face unique challenges that make adoption difficult.

Helping the workforce adapt to a work-from-home lifestyle doesn’t just mean daily check-ins. The technology that makes remote work possible must be secured in new ways, requiring a new and modern approach to cybersecurity. While trust among coworkers is vital, effective cybersecurity requires a healthy degree of suspicion. Team building and trust exercises have their place. But when it comes to technology, we must maintain a “trust no one” mentality.

Remote Learning, Diverse Workforce Development Opportunities

Remote work requires a sea change in how we think about education and workforce development. A capable and diverse workforce with problem solving and project management skills will be in demand as Zero Trust security and similar innovations create career roles that didn’t previously exist, such as the Zero Trust architect.

To help states accelerate adoption of Zero Trust practices, our industries must embrace and prepare the new workforce. Federal leaders set examples with Zero Trust that our state, local and business leaders must follow. If successful, they’ll not only keep the economy and people safe but also support the development of a next-generation tech workforce.

In Support of Next-Gen Professionals

We see the ways to qualify for jobs changing, with employers hiring more credential and certificate program graduates and companies tapping into new and diverse talent pools. Palo Alto Networks helps state and local governments and educators develop and train the next generation of cybersecurity professionals for the new Zero Trust workforce.

The Palo Alto Networks Cybersecurity Academy is helping to develop the next generation of cyber-informed educators by assisting schools to deliver modern, real-life education about cybersecurity.

The Cyber A.C.E.S. Program, or Activities in Cybersecurity Education for Students Program, empowers students ages 5-15 to have safe online experiences. Our partnership with Girl Scouts of the USA led to a cybersecurity curriculum and corresponding first-ever Cybersecurity Badge. Together, these programs, among others, set the stage for young adults to move into cyber roles when they graduate.

With other programs, like our SE (Systems Engineering) Academies and Cyber STARS, a collaboration with the Thurgood Marshall College Fund, we focus on supporting and guiding college students and recent graduates.

For current cybersecurity professionals, Palo Alto Networks Beacon provides access to on-demand learning about cybersecurity and the Palo Alto Networks portfolio. The Beacon portal provides comprehensive courses on everything from cybersecurity fundamentals to advanced threat hunting and incident response.

Contact your Palo Alto Networks account executive to learn more.

We Can’t Do It Alone: Sharing Threat Intelligence Makes Everyone Safer

Tue, 20 Jun 2023 13:00:30 +0000

Sharing threat intelligence is a vital practice that ultimately makes everyone safer – and a key function of the Cyber Threat Alliance.

The post We Can’t Do It Alone: Sharing Threat Intelligence Makes Everyone Safer appeared first on Palo Alto Networks Blog.

At Palo Alto Networks and within Unit 42 threat intelligence, we share our findings about threat actor activity regularly with the Cyber Threat Alliance (CTA) – an intelligence sharing organization founded in 2014 by Palo Alto Networks alongside several of our competitors. Over the past nearly 10 years, the CTA has grown to include even more cybersecurity vendors. The practice may seem counterintuitive – in the early days of cybersecurity, part of the edge that set companies apart was having detections others didn’t. However, sharing threat intelligence is a vital practice that ultimately makes everyone safer – and it leaves plenty of room for maintaining a competitive edge. I’m proud to share that I've recently joined the board of directors of the CTA, and a key part of what I see as my mission is fostering more sharing of actionable threat intelligence, from within Unit 42, from across the CTA and from new organizations who have yet to join the CTA.

Cybersecurity is different from many industries in that we’re not simply competing with each other. We’re actually trying to stop evil. Threat actors are damaging national security, halting hospital operations, threatening people’s livelihoods and more. All of us in the cybersecurity industry share a mission to stop the attacker, and so the days of not collaborating with each other are long gone.

The ongoing commitment of Palo Alto Networks to the CTA stems from this knowledge. While public policy changes matter, government alone can’t form all the relationships needed to defend against threat actors. The private sector must realize the need and give up the idea of looking bad or good individually, focusing on overall detection across the industry. There’s no joy in seeing a competitor suffer a major zero-day that leads to worldwide exploitation. No one company can truly realize their maximum potential without collaborative efforts to reduce the prevalence and impact of global cyberattacks. Of course, we can each set ourselves apart with how we use the threat intelligence we share, offering our customers sophisticated product features and services.


Threat Intelligence Sharing Success Stories

Over the past few years, events such as the attacks on SolarWinds and Colonial Pipeline or the Log4j vulnerability inspired a new emphasis on operational collaboration. With attackers taking up and putting down infrastructure very quickly these days, both public and private organizations recognize the need to work together so we can move as quickly as possible to make progress against cyberthreats.

And specific to the CTA, an early win came in response to the WannaCry outbreak, when within hours, the CTA kicked off an internal collaboration process. This joint effort sped up analysis by 24-48 hours per member, allowing needed protections to be put in place within a key timeframe.

Currently, we’re seeing a massive benefit of information sharing in Ukraine. I don’t believe organizations have ever shared information to this level in the history of cyber – and the coordination explains why we haven’t seen more harmful impact from cyberattacks, which could have intensified other forms of damage in the region.

Closer to home in the U.S., Unit 42 Senior Vice President Wendi Whitmore’s participation in the Cyber Safety Review Board alongside other leaders from government and industry is one example of public and private collaboration.


The Vision and Sharing Model of the CTA

I’m thrilled to be joining the CTA’s board because of the organization’s focus on fostering sharing between companies that would otherwise compete. I deeply value its vision – which started as a handshake agreement between two cybersecurity CEOs over a cup of coffee in 2014 – and am proud to be part of a neutral organization that encourages all companies to work together to make people safer.

A big part of what I like about the CTA is the commitment to ensuring that all members participate in sharing. Everyone must share and meet a minimum sharing requirement. The organization doesn’t allow free riders or pay-to-play – you give information in order to receive it. What we do share needs to be actionable, and sharing is done in a structured format that includes contextual information – increasing the value of what is shared and the ability of members to build real-life protections based on the information.

CTA members hold each other accountable as well. If we find a vulnerability in each other’s security software, the organization provides a healthy, productive way to coordinate with each other.

The sharing platform has evolved over the past seven years, incorporating industry standards like STIX/TAXII, Kill Chain and MITRE ATT&CK. The CTA typically shares “about 11 million observables per month… with an average of three pieces of context per observable.”

Palo Alto Networks maintains a strong presence across all functions of CTA governance, from the board on down to committees and working groups including Membership, Algorithm and Intelligence, Policy and Standards and others. We continue to walk the walk and spread the word on how an organization like the CTA can be successful and why it matters.


Get Involved in Coordinating Threat Intelligence

There is still work to be done, and we can’t do it alone. Please feel free to reach out to me, Michael Sikorski, for further information on how Palo Alto Networks has benefited from and why we continue to move forward with the CTA mission. If you’d like to join our ranks, the CTA would love to hear from you!

The more we coordinate, the stronger we will become. I envision a future in which we use the force multiplier of thousands of coordinated threat intelligence analysts and cybersecurity professionals to push back the tide of threat actors.

Palo Alto Networks Achieves Cyber Essentials Plus Certification in the UK

Thu, 15 Jun 2023 13:00:59 +0000

Digital transformation and geopolitical tensions are fuelling a rapid evolution of the threat landscape, particularly impacting critical service providers and businesses. With this, building a resilient and secure digital UK has never …

The post Palo Alto Networks Achieves Cyber Essentials Plus Certification in the UK appeared first on Palo Alto Networks Blog.

Digital transformation and geopolitical tensions are fuelling a rapid evolution of the threat landscape, particularly impacting critical service providers and businesses. With this, building a resilient and secure digital UK has never been more critical for both the public and private sectors.

It’s vital that organisations protect themselves from the increasing threats by deploying capabilities to help protect their business-critical data, systems and infrastructure. In order to do this, they must have the utmost confidence in the solution providers and the providers’ supply chain.

At Palo Alto Networks, we understand that customers want to know that the businesses they work with treat their critical data with as much care as they do, especially when it involves running essential services and national infrastructure.

In response, we are pleased to have obtained the Cyber Essentials Plus certification, which is backed by the UK Government and independently validates the strong measures we have in place to defend against cyber attacks. The certification also encompasses our Unit 42 Security Consulting and Professional Services.

With this certification, customers can be confident that Palo Alto Networks looks after their data with the highest level of protection while keeping their systems secure.

Why has Palo Alto Networks obtained the Cyber Essentials Plus certification?

Our achievement of the Cyber Essentials Plus certification is a demonstration of the dedicated and comprehensive approach we take to security and transparency.

While many government contracts require Cyber Essentials certification, giving customers a clear picture of an organisation's cybersecurity posture and the steps it has taken to protect itself should be the baseline for meeting customers' security expectations and requirements.

A full list of our certifications, principle conformance statements, and other related documentation can be found in our Trust Center.

Enhancing the technology assurance ecosystem

The Cyber Essentials scheme is designed to protect against the most common cyber threats and demonstrates an organisation’s commitment to cybersecurity. It is one of many initiatives developed by the UK government to help improve our collective resilience.

As the UK Government evolves its position on Technology Assurance, the NCSC continues to champion and push this agenda by providing advice and guidance from initiatives such as the Cloud Security Principles and Cyber Essentials scheme to the Cyber Assessment Framework (CAF) and telecom Vendor Security Assessment.

Adherence to these initiatives helps build confidence that the services and technologies the UK relies on are secure and resilient and will reduce the overall cybersecurity risks organisations face.

At Palo Alto Networks, we are committed to demonstrating to our customers that we adhere to these approaches to assurance. We strive to provide our customers with the highest level of confidence in our platforms and services, whether through programmes like Trust 360 or aligning with the NCSC Cloud Security Principles.

Supporting and conforming to international standards and accreditations underpins our commitment to being the cybersecurity partner of choice.

Learn more about how Palo Alto Networks keeps the public sector protected here.

Managed Security Service Provider Disruption — Breakaway 1=5 (Thu, 08 Jun 2023 13:00:29 +0000)

NextWave MSSPs can take advantage of enhancements – scale managed security services, strengthen capabilities and enable security operation center teams.

The post Managed Security Service Provider Disruption — Breakaway 1=5 appeared first on Palo Alto Networks Blog.

As organizations tackle digital transformation and modernization efforts, change can present security challenges and risks. Many organizations lack the cybersecurity skills, automation and resources to effectively execute their security strategies. As a result, they turn to managed security service providers (MSSPs) to address security gaps and meet their needs. At Palo Alto Networks, we’ve seen that managed security services are quickly becoming the preferred method for customers who want to purchase security. Our partner ecosystem is key to our ability to deliver the solutions that customers need, and we are constantly adapting our NextWave Partner Program to guide our partners to success during market transitions.

With change comes opportunity, and together with our partners, we’re perfectly positioned to capitalize on the rapidly growing managed security services market. For some partners, seizing this massive opportunity will require a business model shift — a commitment to a new way of doing business. For others, it is a continued commitment to investing in the development of new and innovative managed services. Either way, we want to provide MSSPs with a path to success by protecting their investments and rewarding their commitment to building Palo Alto Networks based managed security service offerings.

Managed Security Service Provider Path

With the recent introduction of the NextWave MSSP Path, we are transforming how we enable, reward and support MSSPs. In the last six months we have unveiled a wide array of managed service enhancements to break away from the competition. This ranges from new MSSP post-sales enablement and access to service creation kits, to sharing best practices, such as a service implementation plan.

NextWave MSSPs can take advantage of our new enhancements to scale their managed security services by strengthening their capabilities and enabling their security operation center teams. We are committed to ensuring NextWave MSSPs are on the path to success:

  • Enhancing profitability by unlocking additive discounts based on valued activities, such as deal submission.
  • Enabling differentiation through product specializations and MSSP proficiencies, including two new MSSP proficiencies for Prisma SASE and Cortex XSOAR.
  • Expanding opportunities with MSSP solution, training and growth incentives, plus the ability to retain title/license.
  • Empowering success by sharing best practices, such as the service implementation plan.

More specifically, we have rolled out a few new benefits to help partners develop their Palo Alto Networks based managed security service offerings:

  1. Exclusive access to our Members Only Service Creation Library — A one-stop-shop to learn more about product APIs, third-party product integrations and deployment scenarios.
  2. Access to our Partner Evaluation System — Licensing tool to simplify solution testing and reduce time to market.
  3. Service Implementation Plan — This best practice is key to providing clear guidance and tasks to help NextWave MSSPs build repeatable Palo Alto Networks based managed security services.

Creating a managed security service practice is a major commitment, and we recognize that not all partners are at the same stage in their managed security services journey. Some are just beginning, others are strengthening and some may not be ready to build their Palo Alto Networks based managed security service practice. For this reason, our MSSP Path offers our partners a variety of options. Effective in August 2023, we will unveil a new MSSP Path entry level. The new MSSP Registered entry level will provide our partners with access to the necessary tools, training and resources to develop their Palo Alto Networks based managed security service offering and expertise.

The MSSP Registered entry level is the perfect complement to our more established MSSP Innovators who have both product and post sales expertise. And for those who are not ready to invest in building a Palo Alto Networks based managed security service practice, we have our Partner-to-Partner (P2P) initiative in North America. P2P MSSPs give our solution providers access to Palo Alto Networks based managed security services across our entire product portfolio.

For more than 10 years, our award-winning NextWave Partner Program has been the catalyst for partner change, guiding our partners to success by enabling them to capitalize on market transitions. There has never been a better time to become a NextWave partner. If you’re already a partner, learn more about the MSSP Path and access all of the content listed above (and more) on the partner portal.

Network Segmentation for the NHS (Wed, 07 Jun 2023 13:00:40 +0000)

We published a paper on Network Segmentation Patterns for NHS, how organisations can apply our technology to deliver a Zero Trust network architecture.

The post Network Segmentation for the NHS appeared first on Palo Alto Networks Blog.

The healthcare sector is being targeted globally by cyber adversaries causing havoc to critical systems and infrastructure, impeding access to data, and even halting access to services and operations. Cyberattacks on healthcare entities can be particularly disruptive, given the potential impact on patients' lives.

To help mitigate these rising threats, NHS England has identified internal networks as a significant area of risk. They have worked with cybersecurity vendors to develop guidance on internal network segmentation, use cases and patterns.

In response to our engagement with NHS England, Palo Alto Networks published a paper on Network Segmentation Patterns for NHS, setting out how an organisation can apply our technology to deliver a Zero Trust network architecture.

What Is the Problem?

Implicit trust is a term used to describe the elimination of security controls within a specific context — the most common is user location. For example, an NHS trust might allow a user located inside a hospital full access to all internal applications and only verify their identity once. However, the same user accessing resources remotely might be subject to additional security controls, such as MFA, posture checks, additional firewall and threat prevention policies, while accessing the same internal applications.

In typical network and security architectures, implicit trust is common, but it is a weakness that can be as damaging as any other vulnerability. Traditional perimeter-based security wrongly assumes that all devices and users within an organisation’s internal network can be trusted. Furthermore, the security stack is built around applications hosted within the local data centre. However, NHS organisations have evolved over time, and this approach no longer provides the security controls needed to protect critical assets.

For example, organisations are seeing a constant rise in the number of medical IoT devices on NHS networks. In addition, there are Building Management Systems (BMS), environmental and other non-medical IoT devices that are deployed throughout an organisation’s infrastructure. The NHS is also undergoing significant digital transformation, which drives adoption of cloud-delivered applications, distributed architectures, shared services, remote access and PCI requirements.

All of these are accessing data and services through the local infrastructure.

What Is the Solution?

Not all NHS organisations are the same and no single solution is going to work for all entities. Organisations need to establish an approach that is simple to adopt, but flexible enough for different environments.

The solution is a Zero Trust Architecture not tied to a specific technology or product. This provides a flexible framework to mitigate the implicit trust problem within an organisation, internally and externally. This means all users, devices and applications must verify each and every transaction, regardless of their location. The easiest way to think about it is to apply all the same controls internally that you would apply remotely — a simple, sensible and consistent approach to security.

However, while a straightforward approach is needed, it can still involve various technologies, and it can be difficult to visualise how this might be implemented, given the complexity of healthcare networks. This might include usability problems, such as SD-WAN, MPLS, branch sites, clinics and public cloud. This could also create technology constraints including SDN, microsegmentation, PCI requirements and patient access. A Zero Trust approach will help healthcare entities address all these challenges.

The paper Palo Alto Networks developed for the NHS delves deeper into the Zero Trust approach. It sets out the architecture and why this is now the recommended approach taken by organisations, such as the UK National Cyber Security Centre (NCSC), NIST, Microsoft and Google. Read a copy of the Network Segmentation Patterns for NHS paper, which is also available through the NHS Cyber Associates Network. It provides technical information on how Palo Alto Networks can support organisations to implement a Zero Trust Architecture, focusing on network segmentation, visibility and controls.

From Phishing to Firewalls: Solving Security with AI (Tue, 06 Jun 2023 13:00:20 +0000)

Delve into the world of AI and ML with Billy Hewlett, leader of the AI research team here at Palo Alto Networks and grandson of Bill Hewlett.

The post From Phishing to Firewalls: Solving Security with AI appeared first on Palo Alto Networks Blog.

In this third episode of "This Is How We Do It," we delve into the world of artificial intelligence (AI) and machine learning (ML) with Billy Hewlett, leader of the AI research team here at Palo Alto Networks and grandson of Bill Hewlett from the Hewlett Packard Corporation. Billy and his team are responsible for developing machine learning models to combat malware and other cyberthreats.

Billy’s journey in the field of AI for security began when he first programmed AI systems to protect innocent players from trolls in popular video games, like World of Warcraft®. Today, his work focuses on applying machine learning to identify and stop malicious activities, such as malware, phishing and other cyberthreats, ensuring the safety of Palo Alto Networks customers.

One of the first topics discussed is the alarming growth of malware over the years. Billy explains that the number of unique malware samples has skyrocketed from around 85 million in 2012 to over a billion today. This exponential growth necessitates innovative approaches to detecting and mitigating these threats.

Billy then highlights some exciting applications of their AI-powered products. For instance, their machine learning models can analyze various aspects of a webpage, such as its content, images and URL, to determine if it is a phishing page. The ability to automate this process is particularly crucial considering the massive scale at which these analyses need to be performed. With millions of potential threats encountered daily, relying solely on human experts is impractical, making machine learning a vital tool in ensuring effective security.

The interview further explores the challenge of phishing detection, where attackers continually evolve their tactics. Initially, the focus was on identifying suspicious web page content, but attackers began using JavaScript to create convincing replicas of legitimate login pages. To address this, Palo Alto Networks implemented machine learning models capable of analyzing webpage images. For instance, by training the models on known images from different banks and organizations, they can accurately identify phishing attempts by detecting mismatches between the actual organization and the presented content. Billy explains further:

“You can look at the URL of the webpage. All of these things will allow you to
make a decision whether or not this is a phishing page. And all of this is done
by machine learning. But now imagine that you have to do this 50-60 million
times a day. That's the scale that we're talking about. So, obviously you can't do
that at that scale with a human expert. So instead, you have a machine that you
can train to do that.”

Another crucial aspect of threat detection is analyzing URL strings. While humans can often identify misspellings or other irregularities, machines struggle to differentiate between legitimate and malicious URLs. To overcome this, Palo Alto Networks uses machine learning to assess the characteristics of a URL and classify it as either benign or malicious. This approach enhances their ability to detect phishing attempts and other credential-based attacks:

“So, in this case, we have machine learning applied to both the text on the page
and the image present. … often an expert can quickly identify misspellings or
fraudulent URLs, like if someone misspelled 'Amazon' in the URL. They can
visually inspect it and recognize the issue. However, we can also apply machine
learning to analyze the URL string itself, such as '' By training
the model with various strings, we can determine if a URL is malicious or benign.”

David Szabo, who conducted the interview, raises an interesting point about the computational requirements of running machine learning models on firewalls. Billy explains that while the processing power required is significant, the main limiting factor is memory. Firewalls need to handle massive volumes of data, making memory optimization essential. By designing lightweight models and leveraging efficient memory usage, Palo Alto Networks successfully implements machine learning at the edge, allowing for real-time threat detection without compromising performance.

“I'm most proud of machine learning in the firewall. Taking this huge ML
problem and running it in our edge device. The idea is we're going to take all
of our big machine learning in the cloud, which makes sense since you have all
the resources of the cloud to do it there, and we're actually going to push it
down until it's running in the firewall.

I describe this as if you have this huge firehose of data — all this information
that's coming from WildFire, from URL filtering, from all these different places,
and we're going to winnow that down and get to a very, very, very tiny model
that we can run in real time on the firewall. And this model is going to actually
run at packet speed.”

The conversation then shifts to the process of training the machine learning models. Billy explains that the training is conducted in the cloud, utilizing vast amounts of data collected from various sources. Palo Alto Networks builds a new version of the model every day, incorporating data from the previous two to three weeks. These models undergo rigorous testing on separate datasets spanning two months, ensuring their effectiveness and adaptability to evolving threat landscapes. Once a new model proves superior to the existing one, it is distributed to all the firewalls within the network.

Billy expresses his pride in the achievement of deploying machine learning on firewalls, allowing for real-time threat detection at the packet level. This innovation enables Palo Alto Networks to swiftly identify and block malicious activities without requiring the entire file for analysis. By continually updating its models and distributing them to the firewalls, the company stays at the forefront of security technology.

In conclusion, the use of artificial intelligence and machine learning has become a critical component in the battle against evolving cyberthreats and threat actors, who employ their own versions of these tools. Palo Alto Networks, under the leadership of Billy and his AI research team, has made significant strides in using these technologies to protect customers from malware and other malicious activities. With the exponential growth of malware over the years, it has become essential to find innovative ways to identify and prevent attacks.

Watch the full interview on the Cortex YouTube Channel!

Data-Driven Goals and Science-Based Strategy (Mon, 05 Jun 2023 10:00:36 +0000)

Palo Alto Networks is committed to protecting everyone’s digital way of life. We are proud to be added to the EPA's Green Power Partnership.

The post Data-Driven Goals and Science-Based Strategy appeared first on Palo Alto Networks Blog.

Every day, on every continent, in every body of water, and in the air, there is an impact being felt because of our climate crisis. Climate change, poverty and health inequities disproportionately impact the most vulnerable populations and accelerate climate injustice. This is a challenge that no single organization can address on its own.

As a global leader in cybersecurity, Palo Alto Networks is committed to protecting everyone’s digital way of life. We are proud to be added to the EPA's Green Power Partnership and to announce that our 1.5C-aligned Science-Based Targets have been validated by the Science-Based Targets Initiative (SBTi). Central to that mission is a positive attitude about climate, the life on earth that it supports, and the overall sustainability that seeks to be out in front of every threat.

When we set out to build a sustainability strategy, we agreed that we must lead, not follow. We need climate science and specific Palo Alto Networks data to serve as guardrails. Then we can set goals and subsequent strategies to reach them.

We engaged with leading external consultancies, conducted a comprehensive analysis of our global environmental footprint, and obtained third-party assurance of our analysis and related emissions data across all three Scopes:

  • Our environmental footprint is complete, transparent and third-party verified.
  • Our goal setting is strategic, science-based and driven by data.
  • Our sustainability strategy is focused on genuine impact.

Palo Alto Networks joined the Science Based Targets Initiative in 2021, setting and acting on emissions targets that are aligned to The United Nations Framework Convention on Climate Change (UNFCCC) guidance to limit global temperature rise to 1.5°C above pre-industrial levels. We are committed to doing our part to eliminate negative environmental impacts and injustices:

  • Acting on our validated 1.5C-aligned Science-Based Targets.
  • Achieving our 100% renewable energy goals (RE100, sunsetting our previous “carbon neutral” objective).
  • Raising all sustainability ambitions by engaging in the most reputable coalitions, collaborating across our value chain, and advocating for meaningful climate policy.

Our Progress

In late 2022, we joined Silicon Valley Power’s Large Company Renewable Energy Program. Being in the first tranche of companies to participate will accelerate progress on our RE100 goal and SBTs. Notably, our Palo Alto Networks Santa Clara, California headquarters is over 60% of our global footprint, and this engagement puts all of it on renewable electricity.

In May 2023 we joined the EPA’s Green Power Partnership. By using green power, we are reducing our carbon footprint and supporting the transition to a clean energy future.

“EPA applauds Palo Alto Networks for its leadership position in the green power marketplace. Palo Alto Networks is an excellent example for other organizations in reducing greenhouse gas emissions through green power investment and use,” said James Critchfield, Program Manager of EPA's Green Power Partnership.

According to the U.S. EPA, Palo Alto Networks' green power use is equivalent to the electricity use of nearly 2,000 average American homes annually. Palo Alto Networks believes that the only way forward is with collaboration. We believe the only way to create a 100% renewable electricity grid is to partner with local utilities and peers, as well as duplicate this best practice everywhere we work and live.

Critical to this strategy, Palo Alto Networks will not purchase or use unbundled RECs or offsets to make any claims of progress toward our RE100 goal, SBTs or any other objective that requires impact. Engagement with local utilities aligns with this ethos. Best of all, when every large business commits to reaching RE100 goals this way, it opens renewable electricity up for everyone on the grids we are on.

Among the most important elements of our Sustainable Ecosystem is climate, clean energy and cybersecurity policy advocacy. In the past year we have supported a number of important policy pieces, including Ceres’ sign-on for SEC disclosure support, the WEF Alliance of CEO Climate Leaders Message for COP27, ITI’s disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, among others. We believe policy support is the most important thing we can do to proliferate renewable energy, solve environmental injustice, and keep everyone safe online.

In our third year of disclosing our environmental impact to CDP, Palo Alto Networks was added to the CDP Climate A List for 2022 for the first time. This honor is awarded only to the top 2% of over 18,700 companies scored by CDP, as well as CDP’s Supply Chain Leaderboard. Palo Alto Networks is incredibly proud to be one of only 330 companies named as leaders in corporate transparency and climate action.

Our employees represent our most powerful tool in our sustainability work. This April and May, over 10% of our employees participated in Earth Month initiatives that focused on local, “Do One Thing” activities. Sustainability education was the most popular theme, and we had over 800 employees participate in our FLEXLearn Sustainability 101 module.

Our journey has just begun and we have a lot of work to do. To that point, our Climate Strategy focuses on three core pillars:

Goals for the Globe

To achieve any of these goals, we need a global team. As we look to be meaningful contributors to a zero-carbon economy, we invite all members of our coalition of suppliers, customers, peers, investors, employees and responsible members of the communities to join us. The positive impact of one organization is a good step. The impact of a large team of climate warriors can solve the challenges of climate change.

Palo Alto Networks calls on all our suppliers, customers, investors and stakeholders:

  • Measure your carbon footprint.
  • Set science-based targets and RE100 goals.
  • Collaborate with us to make progress on each other's SBTs and RE100 goals.

We invite our employees to do their part:

  • Take our FLEXLearn Sustainability 101 course.
  • Invest in decarbonization and renewable energy for yourselves at home.
  • Educate others on how to do this in the communities where we work and live.

To read more about our broader environmental, social and governance practices, visit our Corporate Responsibility page.
